Kaspersky blew whistle on NSA hacking tool hoarder

Kaspersky blew whistle on NSA hacking tool hoarder

Harold T. Martin III, a former government contractor, is still facing trial for the alleged theft of massive amounts of National Security Agency data, including documents and tools from the NSA’s Tailored Access Operations Division. Now, a new report by Kim Zetter for Politico suggests that the NSA and the Justice Department tracked down Martin thanks to information shared by an ironic source: the Moscow-based malware protection company Kaspersky Lab. Citing two anonymous sources familiar with the investigation, Zetter reports that Kaspersky Lab employees passed information on Martin to the US government after he sent unusual direct messages via Twitter to the company in 2016.

Kaspersky passed the US government five messages from an anonymous Twitter account named @HAL999999999 to two researchers at the company. The first message, sent August 15, 2016, requested that a researcher facilitate a conversation with “Yevgeny,” the given name of Kaspersky Lab founder and CEO Eugene Kaspersky. “So, figure out how we talk… With Yevgeny present,” the message read. The second message: “Shelf life, three weeks.”

After responding to the messages, both Kaspersky researchers were promptly blocked by the @HAL999999999 account, according to Politico’s sources. Analysis of the account by Kaspersky researchers linked it to Martin and work he did for the US intelligence community. That prompted Kaspersky employees to reach out to the NSA, as they believed it might be connected to the Shadow Brokers case.

There’s no small amount of irony in the detail, as Kaspersky’s software and services have been banned for government use by a law signed by President Donald Trump in December of 2017. Kaspersky has been accused of sharing data from antivirus agent software with Russian intelligence, and Kaspersky data may have been used to identify a computer storing NSA data. Kaspersky issued a report claiming that the company had detected files associated with the NSA “Equation Group” hacking tools after a Kaspersky customer’s computer became infected with a backdoor packaged with pirated Microsoft Office software.